67 Commits (8412181746374e00cd30856abb4883739d94c14c)

Author SHA1 Message Date
Aivars Sterns 9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 7 years ago
foxyriver 30b5493fd6 use command module instead of shell module 7 years ago
Brad Beam ac281476c8 Prune unnecessary certs from vault setup (#1652) 7 years ago
Matthew Mosesohn 6744726089 kubeadm support (#1631) 7 years ago
Maxim Krasilnikov e16b57aa05 Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster (#1632) 7 years ago
Brad Beam a341adb7f3 Updating CN for node certs generated by vault (#1622) 7 years ago
mkrasilnikov 957b7115fe Remove node name from kube-proxy and admin certificates 7 years ago
mkrasilnikov bf0af1cd3d Vault role updates: 7 years ago
Brad Beam 8ae77e955e Adding in certificate serial numbers to manifests (#1392) 7 years ago
Maxim Krasilnikov 6eb22c5db2 Change single Vault pki mount to multi pki mounts paths for etcd and kube CA`s (#1552) 7 years ago
Brad Beam 8b151d12b9 Adding yamllinter to ci steps (#1556) 7 years ago
Maxim Krasilnikov 2ba285a544 Fixed deploy cluster with vault cert manager (#1548) 7 years ago
Matthew Mosesohn df28db0066 Fix cert and netchecker upgrade issues (#1543) 7 years ago
jwfang 092bf07cbf basic rbac support 7 years ago
Dann Bohn d1f58fed4c Template out known_users.csv, optionally add groups 7 years ago
Brad Beam db3e8edacd Fixing up vault variables 7 years ago
Sergii Golovatiuk 674b71b535 Ansible 2.3 support 7 years ago
Matthew Mosesohn ae7f59e249 Skip vault cert task evaluation completely when using script cert generation 7 years ago
Matthew Mosesohn 5a5707159a Fix multiline condition for k8s check certs 7 years ago
Matthew Mosesohn a3f568fc64 restart scheduler and controller-manager too 7 years ago
Matthew Mosesohn 1887e984a0 Change wait for dnsmasq to skip if there are no kube-nodes in play 7 years ago
Matthew Mosesohn a422ad0d50 More idempotency fixes 7 years ago
Vincent Schwarzer 026da060f2 Granular authentication Control 7 years ago
Matthew Mosesohn 45274560ec Disable vault role properly on ansible 2.2.0 7 years ago
Matthew Mosesohn d176818c44 Use find module for checking for certificates 7 years ago
Matthew Mosesohn a21eb036ee Add no_log to cert tar tasks 7 years ago
Andrew Greenwood ca9ea097df Cleanup legacy syntax, spacing, files all to yml 7 years ago
Matthew Mosesohn 80c0e747a7 Fix references to CoreOS and Container Linux by CoreOS 7 years ago
Vladimir Rutsky 09847567ae set "check_mode: no" for read-only "shell" steps that registers result 7 years ago
Josh Conant 245e05ce61 Vault security hardening and role isolation 7 years ago
Matthew Mosesohn e5779ab786 Fix check for node-NODEID certs existence 7 years ago
Matthew Mosesohn fd30131dc2 Revert "Drop linux capabilities and rework users/groups" 7 years ago
Sergii Golovatiuk 585afef945 Remove nsenter workaround 7 years ago
Matthew Mosesohn 08822ec684 Fix cert distribution at scale 7 years ago
Bogdan Dobrelya cb2e5ac776 Drop linux capabilities and rework users/groups 7 years ago
Greg Althaus 0d44599a63 Add explicit name printing in task names for deletgated task during 7 years ago
Greg Althaus 6c69da1573 This PR adds/or modifies a few tasks to allow for the playbook to 7 years ago
Matthew Mosesohn 80703010bd Use only one certificate for all apiservers 7 years ago
Matthew Mosesohn 3f274115b0 Generate individual certificates for k8s hosts 7 years ago
Bogdan Dobrelya 5af2c42bde Better fix for different CoreOS os family facts 7 years ago
Bogdan Dobrelya f7447837c5 Rename CoreOS fact 7 years ago
Matthew Mosesohn 6d9cd2d720 Fix calico-rr to use etcd certs instead of kube certs 7 years ago
Aleksandr Didenko d57c27ffcf Add calico/routereflector support 8 years ago
Bogdan Dobrelya 8cc84e132a Add tags 8 years ago
Matthew Mosesohn 46ee9faca9 Fix ca certificate loading on CoreOS 8 years ago
Matthew Mosesohn f106bf5bc4 adds ability to have hosts with no floating ips on terraform/openstack (+8 squashed commits) 8 years ago
Matthew Mosesohn c7b00caeaa Use tar+register instead of copy/slurp for distributing tokens and certs 8 years ago
Matthew Mosesohn 0e9d1e09e3 Sync master tokens only with those in play_hosts 8 years ago
Matthew Mosesohn 84052ff0b6 use nginx proxy on non-master nodes to proxy apiserver traffic 8 years ago
Paul Czarkowski d8bebcd201 Fix issue with check_certs playbook 8 years ago